On (03/15/13 17:30), freebsd@tern.ru wrote: >Hello Freebsd-security, > >I've got portaudit alarm on perl-5.8.9_7 with regard to > >perl -- denial of service via algorithmic complexity attack on hashing routines. >Reference: http://portaudit.FreeBSD.org/68c1f75b-8824-11e2-9996-c48508086173.html > >But on the other server I have perl-threaded-5.8.9_7 >and portaudit thinks that it is OK (no problem) > >Is it correct? >It seems to me that threaded perl also should have the same problem. > It does have the same issue. I've corrected the VuXML entry and you should see updated portaudit results within 30 minutes. Your 5.8.9 perl-threaded installation should also show up as vulnerable to the same issue. Thanks! -r >Please advise. > >PS. I know that it is old and "unsupported" but I don't want to > upgrade without serious reason. And, any way, the "behavior" of > portaudit seems to me not correct. > > >With best regards, >Alexandre Krasnov. > > >_______________________________________________ >freebsd-security@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-security >To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" -- Ryan Steinmetz PGP: EF36 D45A 5CA9 28B1 A550 18CD A43C D111 7AD7 FAF2 _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"